National Military Intelligence Foundation 


Activity-Based Intelligence: Coping with the "Unknown Unknowns" in Complex and 
Chaotic Environments 


Author(s): James L. Lawrence II 
Source: American Intelligence Journal, Vol. 33, No. 1 (2016), pp. 17-25 
Published by: National Military Intelligence Foundation 


Stable URL: |https://www.jstor.org/stable/10.2307/26202162 


REFERENCES 


JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide 
range of content in a trusted digital archive. We use information technology and tools to increase productivity and 
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org. 


Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at 
https://about.jstor.org/terms 


National Military Intelligence Foundation is collaborating with JSTOR to digitize, preserve and 
extend access to American Intelligence Journal 


JSTOR 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


Activity-Based Intelligence: 


Coping with the "Unknown Unknowns" in Complex and 
Chaotic Environments 


by Col (USAF) James L. Lawrence II 


We’reswimming in sensors and we need to be careful 
we don’t drown in the data...the unavoidable truths 
are that data velocities are accelerating andthe current 
way we handle data is really overwhelmed by this 
tsunami...so we’re going to have to begin exploring 
different ways to meet the growing challenges of 
hyper-scale workloads. 


—Lieutenant General (USAF, Ret) David Deptula’ 


INTRODUCTION 


ver the past decade, military and civilian leaders 
Ox all levels of the U.S. government have 

voiced their insatiable demand for more intelligence 
information in order to successfully prosecute a war against 
al Qa’ida and its affiliate groups, as well as to thwart other 
violent extremist organizations around the globe. It is not by 
chance, then, that the call from decision-makers for more 
intelligence at all levels coincides with the steady upsurge of 
sensors, systems, and platforms augmenting the nation’s 
intelligence-gathering arsenal. The rationale behind the 
acquisition of more intelligence systems is incontestable and 
straightforward: intelligence plays a vital role in the decision- 
making process. Military commanders in Afghanistan, for 
example, continue to rely heavily on intelligence information 
in order to execute both counterterrorism and 
counterinsurgency actions. Likewise, the importance of 
intelligence information to national decision-makers becomes 
apparent when viewed through both strategic and financial 
lenses. 


From a strategic perspective, the significance of intelligence 
is highlighted several times throughout the May 2010 
National Security Strategy, stressing that “our country’s 
safety and prosperity depend on the quality of the 
intelligence we collect and the analysis we produce, our 
ability to evaluate and share this information in a timely 
manner, and our ability to counter intelligence threats.” 
From a budgetary standpoint, the value of intelligence 
throughout the Department of Defense (DOD) has steadily 
increased since 2002. Infact, FY 2010 saw DOD commit in 
excess of $80 billion toward the nation’s ISR enterprise— 


comprised of entities within both the national and military 
intelligence communities—in order to develop and acquire 
new ISR capabilities. 


This article argues that the IC should 
consider adopting an activity-based 
intelligence methodology in order to better 
address complex and chaotic problem sets 
to more effectively synthesize data into 
finalized intelligence for use by 
commanders and decision-makers. 


Yet, a concern is emerging among analysts within the IC that 
the steady growth of the ISR enterprise is complicating the 
processes and methodologies utilized to produce finalized 
intelligence. Specifically, the nature of operations in 
Afghanistan, coupled with the rapid growth of ISR sensors, 
systems, and platforms have revealed the inefficiencies 
associated with object-based intelligence production (i.e., 
cause and effect analyses that focus on a single source or 
object). Ultimately, this flood of information has 
overwhelmed the Intelligence Community (IC) with more data 
than it can effectively process, exploit, and disseminate to 
end users as finished intelligence. Thus, the purpose of this 
paper is threefold: (1) to highlight the issues surrounding 
object-based intelligence collection and analysis in 
counterinsurgency operations using Afghanistan as an 
example; (2) to discuss how the nature of intelligence 
support during counterinsurgency and counterterrorism 
operations in Afghanistan revealed inefficiencies of 
community-standard analytical processes; and (3) to 
describe the activity based intelligence methodology, and 
argue how this analytical process might best serve the IC in 
developing finalized intelligence for use by decision makers 
at all levels. This article argues that the IC should consider 
adopting an activity-based intelligence methodology in 
order to better address complex and chaotic problem sets to 
more effectively synthesize data into finalized intelligence for 
use by commanders and decision-makers. 


American Intelligence Journal 


Page 17 


Vol 33, No 1, 2016 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


EXPANDING THE ISR ENTERPRISE 


More (and Better) ISR Hardware, Same Analytical 
Framework 


growing customer base to combat violent extremism 

round the world is relatively justifiable. In some regard, 
however, the amount of money dedicated toward expanding 
the ISR enterprise with increased sensors, systems, and 
platforms (i.e., hardware) only exacerbates a longer-term 
issue: how does the IC adapt its analytical framework (i.e., 
processes and methodologies) to operate within denied and 
contested environments in future conflicts? DOD’s ISR 
acquisition strategy leaves room for concern. To illustrate, a 
2012 audit of the acquisition program found that since 9/11 
roughly $44 billion have been allocated toward purchasing 
new and enhanced ISR capabilities—with the emphasis 
placed on Unmanned Aerial Systems (UAS).* Furthermore, 
the majority of DOD spending toward ISR has been devoted 
to the UAS fleet, multiplying an inventory total of just 167 
aircraft back in 2002 to more than 7,500 aircraft in operation 
today.’ Curiously, the audit makes no mention of any 
funding dedicated toward, or the need to invest more in. 
developing and improving the analytical framework required 
to produce finished intelligence. 


| Eee DOD’s ISR arsenal to meet the demands of a 


Consequently, the lack of oversight of the ISR acquisition 
process by DOD has resulted in countless ISR assets now in 
operation—overtaking the IC’s ability to adapt and develop 
its own analytical processes in order to keep pace within the 
current operating environment. Senior leaders must realize 
that a balanced ISR strategy “should provide clear, focused 
direction, and create a shared context that orients the ISR 
enterprise toward problem solving over production.”® 
Therefore, caution is warranted for those who assume that 
ISR enterprise expansion also takes into account the robust 
analytical framework required to produce finished 
intelligence. Both are essential to ensure leaders at all levels 
have the information required for ISR analysis, strategy 
development, and decision-making. 


Additionally, a majority of ISR platforms were scheduled to 
return to the United States at the end of 2014, as our 
commitments in Afghanistan began to decrease. This 
massive redeployment of resources left DOD with the 
decision of how to smartly reallocate these assets to 
combatant commanders in anticipation of the next major 
conflict.’ Though the operating domains for ISR in 
Afghanistan were mostly uncontested, the complexity 
associated with analyzing and producing finished 
intelligence proved challenging. Hence, the prospect of the 
IC’s ability to produce finished intelligence utilizing its 
current analytical framework while operating in a contested 
and denied environment seems daunting. For further clarity, 


the following vignette gives perspective on intelligence 
operations conducted in Afghanistan throughout the 
counterinsurgency campaign. Specifically, the example 
highlights the dilemma of utilizing a cause-and-effect type of 
analytical framework in a complex, albeit uncontested, 
operating environment. The example also infers that the IC 
should consider an analytical paradigm shift in order to 
operate successfully in the contested and denied 
environments of the future. 


COUNTERINSURGENCY: INTELLIGENCE 
OPERATIONS IN A COMPLEX 
ENVIRONMENT 


Contrasting Viewpoints of Intelligence in Iraq and 
Afghanistan 


[= nexus between relevant intelligence information 
and decision-making has been crucial throughout the 
ongoing counterinsurgency fight in Afghanistan. 
While this information has been developed utilizing a variety 
of sources and methods, the disciplines of signals 
intelligence (SIGINT), geospatial intelligence (GEOINT), and 
human intelligence (HUMINT) have been the most prolific. 
However, unlike the success of intelligence portrayed by III 
Corps leadership in Iraq during Operation IRAQI 
FREEDOM,’ previous International Security Assistance 
Force (ISAF) leadership in Afghanistan has offered a more 
pragmatic characterization. Similar to III Corps in Iraq, ISAF 
suggested that intelligence in counterinsurgency operations 
begins at the lowest echelon—shaping the decision-making 
process of commanders and leadership at the operational 
and strategic levels of warfare.’ Additionally, leaders in 
Afghanistan realized the value of small groups of analysts 
working together in Intelligence Fusion Centers; the synergy 
between military and civilian analysts significantly increased 
the throughput of direct intelligence support to kinetic 
operations. As a result, intelligence leaders in Afghanistan 
lauded the fact that “Fusion Centers were able to coordinate 
classified SIGINT and HUMINT, and real-time surveillance 
video, allowing commanders to ‘action’ the information with 
airstrikes and special operations that led to the death or 
capture of notorious terrorists...”1° 


Nevertheless, the perceived issues with intelligence in 
Afghanistan did not center on any particular discipline or its 
application primarily; i.e., there were no issues raised 
regarding how well or how poorly the IC conducted SIGINT, 
HUMINT, or GEOINT. Rather, ISAF personnel argued that 
the degree of emphasis placed on collection efforts and 
analytical processes directed toward finding, capturing, and/ 
or killing insurgents negated the IC’s ability to answer 
fundamental questions about the overall operational 
environment," thereby limiting ISAF’s overall 


Vol 33, No 1, 2016 


Page 18 


American Intelligence Journal 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


counterinsurgency efforts to protect and gain the trust of 
the local populace. Furthermore, the catalyst behind the IC’s 
focus on insurgents was attributed to the extremists’ tactic 
of using improvised explosive devices (IEDs) against 
coalition forces. According to ISAF, coalition efforts to spot 
insurgents emplacing IEDs using aerial drones “baited 
intelligence shops into reacting to enemy tactics at the 
expense of finding ways to strike at the very heart of the 
insurgency.” Moreover, ISAF characterized intelligence 
efforts to discover insurgent networks as “labor-intensive,” 
leading to reactive methods which provided little new 
information to the brigades and regional commands. 
Moreover, lethal targeting of insurgents (i.e., 
counterterrorism targeting) would not help U.S. and allied 
forces ultimately win the war in Afghanistan." In essence, 
the object-based intelligence focus on insurgents and IEDs 
in Afghanistan—coupled with the analytical framework used 
to defeat them—underscored the community’s need to 
reconsider its approach to intelligence analysis. 


The complex nature of counterinsurgency operations in Iraq 
and Afghanistan demanded the continual passing of 
information to leaders at all levels. Likewise, both ISAF and 
III Corps leadership acknowledged and successfully 
demonstrated that critical intelligence often materialized from 
the lowest organizational echelon—with small cells of 
focused analysts dedicated to developing intelligence, 
driving operations, and informing commanders and strategic- 
level decision-makers. Still, how can the characterization of 
the quality of intelligence production vary so greatly given 
the similar counterinsurgency tenets and tactics experienced 
in both Iraq and Afghanistan? I would submit that much of 
the disparity regarding the success of intelligence 
operations in each conflict is not the result of one 
intelligence discipline versus the other, nor the level from 
where the intelligence was produced. Rather, many of the 
discrepancies encountered resulted from the linear analytical 
processes and methodologies used to produce finalized 
intelligence in a complex and dynamic counterinsurgency 
environment. 


THE PROBLEM WITH INTELLIGENCE 
ANALYSIS TODAY 


The Reactive Nature of Current Intelligence 


ntelligence analysis is a cognitive activity—both art and 
science—applying tools and methods to collected data 
nd information in order to create and deliver intelligence 

knowledge, with the goal of providing decision advantage to 
commanders and decision makers.* Given this definition, an 
accurate depiction of intelligence analysis in Iraq and 
Afghanistan is best categorized as both tactically focused 
and operationally relevant. In general, both the intelligence 
resources and activities today (whether derived from a 


forward-deployed field unit or within a national intelligence 
agency) focus primarily on tactical intelligence reporting as 
opposed to longer-term analysis of adversary intentions." 
Several reasons account for the over-saturation of this type 
of intelligence reporting; however, a major contributing 
factor is the ubiquitous nature of sensors, systems, and 
platforms capable of providing nearly instantaneous SIGINT 
and GEOINT data to the lowest-echelon warfighter.’® Before 
these current conflicts, intelligence data could take days or 
weeks to process, with the bulk of collection primarily 
reserved for intelligence analysis focusing on solving 
longer-term issues.” At present, and in specialized cases, an 
enormous amount of intelligence data has been made 
available directly to those personnel in direct support of 
ongoing operations, which continues to be the norm today." 


Another contributing factor to the reactive nature of 
intelligence operations may be the result of a common 
analytical practice currently utilized by several organizations 
within the IC. This practice is based largely on 
categorization modeling, whereby asimple framework is 
developed (e.g., a pattern-based scale derived from the 
unique characteristics or performance measurements of, for 
example, a person or an object), data are collected from a 
person or an object and input into the framework, and then 
the person or object is categorized based on its output 
characteristics.” Thus, in categorization modeling the pre- 
established framework precedes the available data, ultimately 
allowing for faster analysis that is good for intelligence 
exploitation. However, is not ideal for in-depth exploration 
or during periods of change.” 


The reliance on categorization modeling by some within the 
IC might explain the reactive nature of intelligence 
operations—particularly when applied to rapidly adaptive 
problem sets such as insurgent locations and IED networks 
in Afghanistan. Similarly, the current emphasis placed on 
immediate reporting by senior-level decision-makers and 
military commanders alike is more prevalent now, as is the 
ability to provide nearly instantaneous military intelligence 
essential to end-users conducting day-to-day operations.”! 
However, it is necessary that the IC consider other 
frameworks that focus not only on immediate, exploitive 
analysis, but methodologies that provide more fidelity to 
longer-term problems requiring analytically-based solutions. 


MODELING FOR LONG-TERM 
INTELLIGENCE ANALYSIS 


The Cynefin Framework 


rther explanation regarding why the IC relies so 
heavily on categorization modeling involves a 
fundamental assumption found in organizational 
theory and practice: that a certain level of predictability and 


American Intelligence Journal 


Page 19 


Vol 33, No 1, 2016 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


order exits in the world.” Moreover, this assumption 
encourages simplifications that are useful in ordered 
circumstances. However, as circumstances change the 
simplifications have the tendency to fail. An alternative 
method to categorization modeling is the Cynefin 
(pronounced ku-nev-in) Framework, which affords 
intelligence analysts and decision-makers the opportunity to 
see things from alternate viewpoints, assimilate complex 
concepts, and address real-world problems.” Specifically, 
the Cynefin Framework is a decision-making or analytical 
framework that recognizes the causal differences existing 
between system types and proposes new approaches to 
decision-making in complex social environments.” Unlike 
categorization modeling, where the framework itself precedes 
the data input, the Cynefin Framework is a sense-making 
model in which the framework emerges from the data itself.”° 


The Cynefin Framework consists of five domains: (1) the 
simple domain, where cause-and-effect relationships exist, 
are predictable, and are repeatable; (2) the complicated 
domain, where cause-and-effect relationships exist, but are 
not self-evident and therefore require expertise to decipher; 
(3) the complex domain, where cause and effect are only 
obvious in hindsight, with unpredictable and emergent 
outcomes; (4) the chaotic domain, where no cause-and-effect 
relationships can be determined; and (5) disorder, where 
decision-makers or analysts do not know the domain in 
which they reside.” Similar to characterization modeling, the 
simple and complicated domains of the Cynefin Framework 
are where most intelligence analysis occurs in order to 
determine causal relationships. However, the events of 
September 11, 2001 (chaotic), and the subsequent conflicts 
in Iraq and Afghanistan (complex) are the domains within 
which the IC has operated for the past decade. To meet 
these challenges, the IC must seek more accurate mental 
models and better analytical tools in order to gather, 
synthesize, and determine the meaning behind the 
ambiguous and conflicting information of the complex and 
chaotic domains. Therefore, processes such as 
categorization modeling utilized by intelligence analysts 
must adapt in order to deal with more complex and chaotic 
problem sets faced currently and in the future. 


ACTIVITY-BASED INTELLIGENCE 
Coping with the “Unknown Unknowns” 


e bulk of the IC’s analytical problems reside within 
the complex and chaotic domains of the Cynefin 
Framework. Moreover, the complex domain—the 

realm comprised of the “unknown unknowns”” and laden 
with unpredictable outcomes—warrants the most attention 
from analysts and decision-makers alike. Gregory Treverton 
offers a perspective regarding the “unknown unknowns” 
concept, likening the shift in the majority of intelligence 


problem sets today from “puzzles to mysteries.”*? Treverton 
compares puzzles to that of known problems, whereby new 
information will solve the puzzle.” Mysteries, however, are 
knowable problems, whereby an analyst may not 
necessarily know the answer to the problem, but might know 
what activities and events to look for in order to establish 
relationships.” [Editor’s Note: At the time the paper on 
which this article is based was written, Dr. Treverton was a 
longtime noted analyst at the RAND Corporation. He is 
currently Director of the National Intelligence Council (NIC) 
under the Office of the Director of National Intelligence. ] 


Gregory Treverton offers a perspective 
regarding the “unknown unknowns” 
concept, likening the shift in the majority 
of intelligence problem sets today from 
“puzzles to mysteries.” 


An example of this concept involves the state of the Iranian 
nuclear program discussed in a 2007 National Intelligence 
Estimate (NIE). New information provided in the NIE 
revealed a solution to an IC puzzle—namely, where does 
Iran’s nuclear weapons program stand, or where did it stand 
circa 2003?” Furthermore, questions addressed in the NIE 
regarding the overall status of Iran’s nuclear enrichment 
capabilities disclosed answers to both puzzles and 
mysteries. For example, the technical aspects of the 
enrichment program itself provided answers to puzzles such 
as “how many centrifuges?” and “what level of production 
capacity?” while the critical questions such as “what 
happened to Iran’s enrichment program after 2003?” still 
remain mysteries.** Therefore, it is necessary that the type 
of intelligence discipline utilized within the complex domain 
be capable of dealing with the mysteries encountered in 
addressing the “unknown unknowns.” Activity-based 
intelligence (ABI) is an example of an emerging intelligence 
discipline that may satisfy this need. 


ABlis characterized as a discipline of intelligence whereby 
the analysis and subsequent collection are focused on the 
activity and transactions associated with an entity, a 
population, or an area of interest.” Furthermore, the Human 
Domain, or Human Dimension—as an integral component of 
the ABI discipline—comprises several factors. These 
factors include presence, activities (including both physical 
and virtual transactions), culture, social structure/ 
organization, networks and relationships, motivation, intent, 
vulnerabilities, and capabilities of humans (single or groups) 
across all domains of the operational environment (space, 
air, maritime, ground, and cyber).* ABI enables intelligence 
analysts to shift away from an object-based focus and more 
toward collecting data on activities and transactions over 


Vol 33, No 1, 2016 


Page 20 


American Intelligence Journal 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


long times or large areas. This allows for the storage and 
archiving of large amounts of ABI data into a database for 
future analysis. These large data sets can be “mined” for 
unknown unknowns, i.e., relationships or activities that were 
previously unrecognized.** 


Reemergence of ABI 


Previously I described the contrasting views of 
counterinsurgency intelligence and analysis from the 
perspectives of III Corps personnel in Iraq and ISAF 
personnel in Afghanistan. Though each command 
organization offered differing views regarding intelligence 
effectiveness, both agreed that certain intelligence 
disciplines—namely, SIGINT, GEOINT, and HUMINT—were 
integral to commanders and decision-makers in providing 
near-real-time situational awareness throughout the 
counterinsurgency campaign. Likewise, special operators in 
Iraq and Afghanistan reached back to intelligence analysts 
at the National Geospatial-Intelligence Agency (NGA) to 
assist them with filling in tactical intelligence gaps.” In turn, 
the analysts began compiling information gathered from a 
range of intelligence disciplines—from SIGINT and 
HUMINT to open source reporting—geotagging the 


information and storing the data into a database that (when 
queried) could be used to establish insurgent locations and 
networks.” For example, a common ABI format is referred to 
as activity layer plots. An intelligence analyst may 
superimpose all geotagged intelligence information about an 
IED explosion atop other intelligence information denoting a 
kidnapping in the same area. The analyst could then layer in 
other various open source data involving the same area and, 
once displayed, derive further intelligence information not 
seen or tracked before prior to the original IED event taking 
place.” 


Characteristics of ABI 


ABI as an intelligence discipline is nothing new per se. In 
fact, the synthesis of complex pieces of information gained 
as a result of painstaking network or nodal analysis and 
human terrain mapping have been practiced for years within 
the IC. However, it is the advancement in technology, such 
as cloud computing, emerging new data sources, and 
developments in the processing of large data sets both 
rapidly and efficiently, which now makes ABI possible to 
execute on a large scale.” 


ah te GB RRCUBATAe © 


«) (ane wi US - 


Poena 11 ta Fo 


A sample ABI product displaying real-time unmanned aircraft system video feeds and other geospatial data over a satellite 
image. Adapted from Earth Imaging Journal, http://eijournal.com/2013/is-activity-based-intelligence-a-modern-crystal-ball. 


American Intelligence Journal 


Page 21 


Vol 33, No 1, 2016 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


The ABI methodology can be organized into four not 
necessarily sequential characteristics: (1) persistently 
collecting data on activity and transactions over a broad 
area or with a variety of sources, and then storing it ina 
searchable database; analysis of the data may happen 
immediately or that data may not become relevant to an 
intelligence issue until much later; (2) “sequence neutrality,” 
which looks for clues in the data, both backward and forward 
in time; (3) “data neutrality,” or the idea that all data are 
useful; analysis should not be biased toward any one data 
source, and (4) “knowledge management.” That is, when the 
ABI methodology is used to uncover associations in data it 
is important to capture them in a knowledge system using 
smart metadata tagging so they can be retrieved in the 
future. While ABI methodology may be ideal to solve 
intelligence issues dealing with complex problem sets now 
and in the future, several issues must be addressed prior to 
the ABI methodology being accepted as a long-term IC 
solution. 


Adoption and implementation of the ABI 
methodology by the IC is a natural 
progression from analytical categorization 
modeling, given the unpredictable and 
emergent outcomes encountered in the 
complex domain faced in Iraq and 
Afghanistan. 


CHALLENGES AND RECOMMENDATIONS 


doption and implementation of the ABI methodology 
by the IC is a natural progression from analytical 
ategorization modeling, given the unpredictable and 

emergent outcomes encountered in the complex domain 
faced in Iraq and Afghanistan. However, there are three 
pressing issues that must be addressed prior to ABI 
methodology becoming the norm among IC analysts: (1) 
the need to invest in a solution to seamlessly archive and 
access vast amounts of ABI data stemming from various 
sources and systems; (2) the need to drastically improve 
information integration and enterprise-wide 
interoperability; and( 3) the need to train and to educate 
analysts on the benefits of utilizing the ABI methodology 
to address complex and chaotic problem sets. 


ABI and the Data Storage Dilemma 


Issues to overcome prior to Community-wide acceptance 
of an ABI methodology include finding a solution to the 
ABI data storage and retrieval dilemma. ABI is comprised 
of various intelligence disciplines encompassing multiple 


phenomena, locations, timelines, and confidence levels, 
that is, “Big Data” so complex and so large that it 
presents a demanding technological challenge to 
overcome.” Also, “Big Data” is further complicated by 
the speed at which these data are now created—resulting 
in a solution that must account for exponential growth— 
and the disparate origins of information that may present 
challenges to analytical synthesis.** DOD recognizes 
these challenges; however, many previous solutions have 
attempted to centralize the data into repositories, or 
dictate specialized or complex data structures that were 
not necessarily applicable to all end-users.“ 


A potential solution to the challenges presented by ABI 
data storage and access is the continued development of, 
and investment in, cloud computing architecture. Cloud 
computing is a model for enabling ubiquitous, convenient, 
on-demand network access to a shared pool of 
configurable computing resources (e.g., networks, 
servers, storage, applications, and services) that can be 
rapidly provisioned and released with minimal 
management effort or service provider interaction.” 
Currently, the NGA’s NSG Expeditionary Architecture 
(NEA) holds promise as a Community-wide ABI data 
storage and retrieval system built on cloud architecture. 
The “NEA Cloud” holds both exploited and raw, 
unexploited data that—when combined—allow access to 
both activity-based association data and metadata. These 
data, along with other analysis from various sources, will 
provide analysts with an amalgam of information in which 
to develop patterns of life, discover networks, conduct 
nodal analysis, and determine abnormalities which may 
have otherwise been overlooked.** The way forward, 
then, is to continue development and expansion of the 
NEA Cloud and to ensure its unfettered access by 
national- and service-level intelligence analysts 
throughout the Community. 


Improving Data Integration and Interoperability 


A similar challenge to that of ABI storage and retrieval is 
the interoperability of data- gathering systems. Many 
sensors, systems, and platforms which comprise the ISR 
enterprise were planned, developed, and operationally 
employed for specific purposes—not designed 
necessarily to be compatible with one another. 
Furthermore, each service possesses its own command 
and control structure for its portion of the ISR enterprise, 
resulting in a greater divide in achieving worldwide 
systematic interoperability.” 


DOD also recognizes the issues with interoperability, and 
has efforts underway to improve systematic integration 
across the board utilizing a phased approach. The first 
phase includes connecting existing systems belonging to 


Vol 33, No 1, 2016 


Page 22 


American Intelligence Journal 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


the military services—so that each service has an 
interoperable “family” of systems. Phase two focuses on 
interconnecting the families of systems to ensure joint 
and combined forces have unprecedented common access 
to battlefield data.“* While the framework to address 
interoperability issues across the board is in place, the 
incorporation of a relatively new ABI methodology has 
only just begun to be included as part of the discussion 
necessitating the urgency of interoperable systems. Yet, 
as ABI applications and tradecraft evolve as warfare 
evolves, technology and interoperability must be at the 
forefront of the solution to allow intelligence analysts to 
support operations anywhere in the world.” 


Building a Better Analyst 


The final consideration prior to adoption of the ABI 
methodology by the Intelligence Community writ large is 
formalized training and education. Analysts within the IC 
generally subscribe to categorization modeling. While 
adequate for use within the simple and complicated 
domains, ABI methodology requires further training for 
analysts to better address intelligence problem sets 
residing in the complex and chaotic domains. This 
training should allow ABI analysts to look at a variety of 
data types and determine their reliability, outline basic 
patterns of inference, examine the obstacles that arise 
based on cognition and small-group processes, 
differentiate between “puzzles” and “mysteries,” as well 
as distinguish between tactical and long-term intelligence 
analysis.*° 


Lastly, any training program that teaches ABI 
methodology should emphasize the ultimate goal of 
assessing uncertainty: 


In this view, it makes little sense to seek a single 
“tight answer” to many estimative questions...good 
intelligence often reveals new uncertainties: as 
analysts gain information and improve their 
conceptual frameworks, they may identify additional 
possibilities that they had not previously 
considered. That should not be seen as a problem, 
since the goal of intelligence is to describe the 
uncertainty that surrounds a particular question, 
and not to eliminate or to reduce this uncertainty 
per se.*! 


Thus, ABI analysts of the future must learn to navigate 
comfortably within the complex and chaotic domains— 
discovering new uncertainties while eagerly embracing 
the “unknown unknowns.” 


CONCLUSION 


A general should neglect no means of gaining 
information of the enemy’s movements, and, for 
this purpose, should make use of reconnaissances, 
spies, bodies of light troops commanded by capable 
officers, signals, and questioning deserters and 
prisoners. By multiplying the means of obtaining 
information, for no matter how imperfect and 
contradictory they may be, the truth may often be 
sifted from them. 


—Baron Antoine-Henri Jomini** 


e world has become a more complex place since 
September 11, 2001. Since then, the Intelligence 
Community has begun to adapt its processes and 

methodologies to address the complexities associated 
with a counterinsurgency campaign while providing this 
information to operational-level commanders and 
strategic-level decision-makers alike. Moreover, 
organizations such as NGA and the office of the Air Force 
Deputy Chief of Staff for ISR have paved the way for the 
adoption of the ABI methodology throughout the entirety 
of the IC. NGA’s NEA Cloud-computing architecture and 
its expertise in harnessing “Big Data” will become an 
integral part of the solution to address the data storage 
and interoperability challenges currently faced by DOD. 
Likewise, the Air Force will lead the way in transforming 
the ways and means of analysis and exploitation. This 
transformation is heralded throughout the service’s 
Strategic Vision document, noting that: 


The most important and challenging part of our 
analysis and exploitation revolution is the need to 
shift to a new model of intelligence analysis and 
production. The growing complexity of the data we 
collect along with the sheer quantity of data has 
obviated the traditional linear model of production. 
The new model treats all intelligence collection as 
sources of meta-tagged data accessible across 
multiple domains...from which analysts—trained 
in all-source techniques and methods—can 
discover, assess, and create relevant knowledge 
for commanders and decision makers at all levels.” 


Thus, the stage is set to transform the ways and means of 
today’s analytical processes and methodologies. 
Likewise, this analytical paradigm shift rests squarely 
atop the foundation of ABI methodology—framed by an 
improved and adopted tradecraft that will soon bolster the 
entirety of the IC with better and more capable analysts. 


American Intelligence Journal 


Page 23 


Vol 33, No 1, 2016 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


Glossary 


Activity-Based Intelligence. A discipline of intelligence 
where the analysis and subsequent collection are focused 
on the activity and transactions associated with an entity, 
a population, or an area of interest. (see Endnote 34) 


Cynefin Framework. A decision-making or analytical 
framework that recognizes the causal differences which 
exist between system types and proposes new 
approaches to decision-making in complex social 
environments. (see Endnote 25) 


Geospatial Intelligence. The exploitation and analysis of 
imagery and geospatial information to describe, assess, 
and visually depict physical features and geographically 
referenced activities on the Earth. Geospatial intelligence 
consists of imagery, imagery intelligence, and geospatial 
information. Also called GEOINT. (JP 1-02. SOURCE: JP 
2-03) 


Human Intelligence. A category of intelligence derived 
from information collected and provided by human 
sources. Also called HUMINT. (JP 1-02. SOURCE: JP 2- 
0) 


Intelligence. 1. The product resulting from the 
collection, processing, integration, evaluation, analysis, 
and interpretation of available information concerning 
foreign nations, hostile or potentially hostile forces or 
elements, or areas of actual or potential operations. 2. 
The activities that result in the product. 3. The 
organizations engaged in such activities. (Approved for 
incorporation into JP 1-02) 


Intelligence Community. All departments or agencies of 
a government that are concerned with intelligence 
activity, either in an oversight, managerial, support, or 
participatory role. Also called IC. (Approved for 
incorporation into JP 1-02 with JP 2-0 as the source JP) 


Intelligence Discipline. A well-defined area of 
intelligence planning, collection, processing, exploitation, 
analysis, and reporting using a specific category of 
technical or human resources. (Approved for 
incorporation into JP 1-02) 


Intelligence Production. The integration, evaluation, 
analysis, and interpretation of information from single or 
multiple sources into finished intelligence for known or 
anticipated military and related national security 
consumer requirements. (Approved for inclusion in JP 1- 
02) 


Signals Intelligence. 1. A category of intelligence 
comprising either individually or in combination all 
communications intelligence, electronic intelligence, and 
foreign instrumentation signals intelligence, however 
transmitted. 2. Intelligence derived from communications, 
electronic, and foreign instrumentation signals. Also 
called SIGINT. (JP 1-02. SOURCE: JP 2-0) 


NOTES 

‘Clay Dillow, “Can Technology Save the Military from a Data 
Deluge?” Popular Science, 2 November 2011, http:// 
www.popsci.com/technology/article/2011-11/can-technology- 
save-military-its-technology. 

? National Security Strategy, under Strengthening National 
Capacity—A Whole of Government Approach (May 2010), 15. 
3U.S. Government Accountability Office, Actions Are Needed 
to Increase Integration and Efficiencies of DOD’s ISR 
Enterprise (2011). 

“House Permanent Select Committee on Intelligence, 
Performance Audit of Department of Defense Intelligence, 
Surveillance, and Reconnaissance, Executive Summary (April 
2012), ii. 

5 Ibid. 

Col Jason M. Brown, “Strategy for Intelligence, Surveillance, 
and Reconnaissance,” Research Report (Maxwell AFB, AL: Air 
War College, 14 February 2013), 24. 

7 House Permanent Select Committee on Intelligence, ii. 

8 For specific information pertaining to the success of 
intelligence operations in Iraq, see LTG Thomas F. Metz, COL 
William J. Tait, Jr., and MAJ J. Michael McNealy’s article, 
“OIF II: Intelligence Leads Successful Counterinsurgency 
Operations,” in Military Intelligence Professional Bulletin 34- 
05-3 (Fort Huachuca, AZ: U.S. Army Intelligence Center of 
Excellence, July-September 2005), https://www.fas.org/irp/ 
agency/army/mipb/2005_03.pdf. 

°MG Michael T. Flynn, Capt Matt Pottinger, and Paul D. 
Batchelor, “Fixing Intel: A Blueprint for Making Intelligence 
Relevant in Afghanistan,” Center for a New American Security, 
January 2010, http://www.cnas.org/media-and-events/press- 
release/fixing-intel-a-blueprint-for-making-intelligence-relevant- 
in-afghanistan, 11. 

1 Ibid., 21. 

" Tbid., 4. 

1? Ibid., 8: 

38 Tbid. 

14 This definition is proposed in a Deputy Chief of Staff for 
Intelligence, Surveillance, and Reconnaissance White Paper, 
“Revolutionizing AF Intelligence Analysis,” dated January 
2014. This definition synchronizes with a current Defense 
Intelligence Agency proposal for the definition of an analyst as 
“one who synthesizes information from one or more sources 
through processing, exploitation, or analysis to produce 
intelligence to inform or to provide decision advantage for 
defense or national policymakers” (ODNI Analyst/Collector 
Count Briefing, October 2013). 

1 Gregory F. Treverton and C. Bryan Gabbard, Assessing the 
Tradecraft of Intelligence Analysis, RAND Technical Report 
TR-293 (Santa Monica, CA: RAND, 2008), 1. 

16 Ibid., 7. 

” Ibid. 


Vol 33, No 1, 2016 


Page 24 


American Intelligence Journal 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


18 Tbid. 

1 David J. Snowden, The Cynefin Framework (YouTube, The 
CognitiveEdge Network, uploaded 11 July 2010), http:// 
www. youtube.com/watch?v=N70z366X0-8. 

°° Tbid. 

* Treverton and Gabbard, Assessing the Tradecraft, 1. 

?? David J. Snowden and Mary E. Boone, “A Leader’s 
Framework for Decision Making,” Harvard Business Review, 
November 2007, 1. 

3 Ibid. 

*4 Ibid. 

*5 Snowden, The Cynefin Framework. 

26 Ibid. 

? Ibid. 

28 Snowden and Boone, “A Leader’s Framework,” 5. 

°° Gregory F. Treverton, “Intelligence for an Age of Terror”; 
Mark Phillips, “A Brief Overview of Activity Based 
Intelligence and Human Domain Analytics” (paper approved 
for release by National Geospatial-Intelligence Agency, 28 
September 2012), 2. 

3 Ibid. 

31 Ibid. 

32 Gregory F. Treverton, CIA Support to Policymakers: The 
2007 National Intelligence Estimate on Iran’s Nuclear 
Intentions and Capabilities (Washington, DC: Central 
Intelligence Agency Center for the Study of Intelligence 
Lessons Learned Program, May 2013), 27. 

33 Ibid. 

34 Mark Phillips, “A Brief Overview of Activity Based 
Intelligence and Human Domain Analytics,” Trajectory 
Magazine, 28 September 2012, http://trajectorymagazine.com/ 
web-exclusives/item/1369-human-domain-analytics.html. 

3 Ibid. 

3 United States Geospatial Intelligence Foundation, “Activity 
Based Intelligence” (working paper, Activity Based Intelligence 
Working Group, 29 November 2012). 

37 Gabriel Miller, “Activity-Based Intelligence Uses Metadata 
to Map Adversary Networks,” C4ISR Journal (8 July 2013), 
http://www.defensenews.com/article/20130708/C4ISRO02/ 
307010020/. 

38 Ibid. 

39 Ibid. 

® Ibid 

“ Ibid 

2 Keith L. Barber, “NSG Expeditionary Architecture: 
Harnessing Big Data,” Pathfinder: National Geospatial- 
Intelligence Agency Magazine 10, no. 5 (September/October 
2012): 8, https://www1.nga.mil/MEDIAROOM/ 
PATHFINDER/Pages/default.aspx. 

‘8 Ibid. 

“Col Jill E. Singleton, “Data Integration: Charting a Path 
Forward to 2035,” Research Report (Maxwell AFB, AL: Air 
War College, 14 February 2011), 4. 

4 Peter Mell and Timothy Grance, “The NIST Definition of 
Cloud Computing,” Special Publication 800-145 (Gaithersburg, 


MD: U.S. Department of Commerce, September 2011): 2, http:/ 


/csrc.nist.gov/publications/PubsSPs.html#800-145. 

4 Barber, “NSG Expeditionary Architecture,” 3. 

4” Defense Acquisitions, Report to the Chairman, Committee 
on Armed Services, House of Representatives, Steps Needed to 
Ensure Interoperability of Systems that Process Intelligence 


Data, GAO-03-329 (Washington, DC: General Accountability 
Office, 2003): 4, http://gao.gov/products/GAO-03-329. 

48 Ibid. 

4. Barber, “NSG Expeditionary Architecture,” 4. 

°° RAND, “Assessing the Tradecraft,” 38. 

5L Jeffrey A. Friedman and Richard Zechkhauser, “Assessing 
Uncertainty in Intelligence,” Intelligence and National Security 
27, no. 6 (December 2012): 826. 

5 Baron Antoine-Henri Jomini, The Art of War, trans. Capt 
G.H. Mendell and Lt W.P. Craighill (Gutenberg eBook #13549, 
28 September 2004), 273. 

53. Deputy Chief of Staff for Intelligence, Surveillance, and 
Reconnaissance, “Air Force ISR 2023: Delivering Decision 
Advantage” (Washington, DC: 2013), 13. 

54 Joint Publication 1-02, Department of Defense Dictionary of 
Military and Associated Terms (Washington, DC: 15 January 
2014), http://www.dtic.mil/doctrine/dod_dictionary/. 


Colonel James L. Lawrence II is commander of the 693rd 
Intelligence, Surveillance, and Reconnaissance Group 
(Distributed Ground Station-4) headquartered at 
Ramstein Air Base, Germany. He is a 1993 graduate of 
Fayetteville State University with a BA degree in English 
Language and Literature. Additionally, in 2007 he 
earned an MSSI degree from the then-National Defense 
Intelligence College (now NIU) and in 2014 a Master of 
Strategic Studies degree (with Academic Distinction) 
from the Air War College. The basis for this AIJ article is 
his AWC professional studies paper of the same title, 
which was nominated for the College’s Military 
Operations Outstanding Research Award. Colonel 
Lawrence’s most recent operational assignments include 
serving as U.S. Air Forces Central Command (AFCENT) 
Deputy Director of Intelligence at Al-Udeid Airbase, 
Qatar, in support of operations in Iraq, Afghanistan, and 
the Horn of Africa. He commanded the 48th Intelligence 
Squadron (Distributed Ground Station-2) at Beale AFB, 
CA, and served as Director of Operations for the 30" 
Intelligence Squadron (Distributed Ground Station-1) at 
Joint Base Langley-Eustis, VA. 


American Intelligence Journal 


Page 25 


Vol 33, No 1, 2016 


This content downloaded from 
92.247.105.147 on Thu, 30 Sep 2021 18:50:05 UTC 
All use subject to https://about.jstor.org/terms 


